In this podcast recorded at RSA Conference 2017, Melanie Ensign, Co-Chair for WISP and Head of Security & Privacy Communications at Uber, and Ajay Arora, CEO and founder of Vera Security, talk about how information security is changing on several levels and how modern security teams are now looking at their responsibility in their companies as enabling new business opportunities.
They also tackle the notion of transparency and control, the fact that people now literally have both a physical existence and a digital existence, and much more.
Here’s a transcript of the podcast for your convenience.
Ajay Arora: Hi, I’m Ajay Arora. I’m the CEO and founder of Vera Security. I’m here with Melanie, if you’d like to introduce yourself.
Melanie Ensign: Sure. I’m Melanie Ensign, I’m currently on the board of WISP, which is a non-profit, Women in Security and Privacy. And we are dedicated and really focused on helping more women join the security community and help them advance and develop once they’re in the field.
Ajay Arora: Excellent, I know this is your anniversary in WISP, correct?
Melanie Ensign: Yeah, a couple of months. We’re pretty new, but we definitely saw a need for the organization, just had so many women that were really interested in getting involved, ’cause these are problems, like security and privacy are things that resonate with a lot of people. A lot of people want to help and get involved, so we created the organization to give women those resources and that opportunity to join.
Ajay Arora: That’s a really interesting perspective. So we’re here at RSA this year, so with that as kind of the theme, with that as a backdrop, are you seeing just the face of RSA in security in general changing, and why and how is that important? What’s your perspective on that?
Melanie Ensign: Sure. So, one of the things that I’ve noticed this year at RSA in particular, and I can’t say I’ve seen this so much on the show floor, but one of the great things about RSA in general is the community that it brings. Everybody’s here in San Francisco all at once making connections, forging relationships and so there are a lot of events, kind of side-events that happen because we’re all here at the same time. And so you’re able to see smaller groups of people meet because they are working on a similar problem together and because they are attracted to solving the same issues and helping people in similar ways.
What I’ve seen at some of those surrounding events is more and more people from outside the traditional infosec community coming on board and bringing new perspectives and expertise with them. So, disciplines like psychology, behavioral science, neurobiology, a lot of things that are less about the technology and more about the people.
We’ve seen some of this at specific companies. Google’s actually a really good example where they’ve done a lot of user testing in terms of how do people respond to security warnings. Having too many of them and having them when they’re unclear is really hard to get people to understand what you’re trying to communicate to them, and then also motivate them to take the steps and the behavior that you hope that they will do. And so there’s definitely more in the surrounding community here this week. More of those types of people who are coming together to say ‘I’m not an engineer, but I know how to help solve this problem because we’ve been working on it in other disciplines and other fields’.
Ajay Arora: That’s a very interesting point. So I’ve been coming to RSA for longer than I want to admit, and every year there’s more and more people. It’s not just the number of people; the actual composition of these people is changing dramatically. I think you struck on a really important point, is that when people are bombarded by the same messaging, they get desensitized to it. And this whole notion about security being all about fear-mongering and that whole fear, uncertainty and doubt factor, it kind of turns people away from it. So, what do you think, with this kind of new composition of people coming in, how’s that going to change the face of security? Is it actually, at the end of the day, going to make things better and how?
Melanie Ensign: So I mentioned we’re really excited about the future of security for that reason, with this integration of people from other fields and disciplines. Because I think what it does is it removes a lot of the mysticism and magic from the way that we’ve traditionally talked about security, and it forces people to be a lot more transparent and a lot more logical in the way that we think about security. And so, you know, sometimes as an industry, I like to tell people – if people believe that you’re a wizard and they don’t understand what you do, it may make you feel very valued, but it actually, they don’t value you because they don’t understand what you do.